Add latest changes from gitlab-org/gitlab@master

app/assets/javascripts/repository/components/blob_viewers/audio_viewer.vue

@@ -0,0 +1,20 @@
+<script>
+export default {
+  props: {
+    blob: {
+      type: Object,
+      required: true,
+    },
+  },
+  data() {
+    return {
+      src: this.blob.rawPath,
+    };
+  },
+};
+</script>
+<template>
+  <div class="gl-text-center gl-p-7">
+    <audio :src="src" controls data-testid="audio"></audio>
+  </div>
+</template>

app/assets/javascripts/repository/components/blob_viewers/index.js

@@ -7,6 +7,7 @@ const viewers = {
   text: () => import('~/vue_shared/components/source_viewer/source_viewer.vue'),
   pdf: () => import('./pdf_viewer.vue'),
   lfs: () => import('./lfs_viewer.vue'),
+  audio: () => import('./audio_viewer.vue'),
 };
 
 export const loadViewer = (type, isUsingLfs) => {

app/views/shared/doorkeeper/applications/_delete_form.html.haml

@@ -2,9 +2,9 @@
 = form_tag path do
   %input{ :name => "_method", :type => "hidden", :value => "delete" }
   - if defined? small
-    = button_tag type: "submit", class: "gl-button btn btn-danger btn-icon", data: { confirm: _("Are you sure?") } do
+    = button_tag type: "submit", class: "gl-button btn btn-danger btn-icon", data: { confirm: _("Are you sure?"), confirm_btn_variant: "danger" } do
       %span.sr-only
         = _('Destroy')
       = sprite_icon('remove')
   - else
-    = submit_tag _('Destroy'), data: { confirm: _("Are you sure?") }, class: submit_btn_css
+    = submit_tag _('Destroy'), data: { confirm: _("Are you sure?"), confirm_btn_variant: "danger" }, aria: { label: _('Destroy') }, class: submit_btn_css

doc/administration/job_artifacts.md

@@ -307,6 +307,33 @@ To migrate back to local storage:
 
 ## Expiring artifacts
 
+> [In GitLab 14.6](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/76504), we improved the performance of removing expired artifacts, introduced [with a flag](feature_flags.md) named `ci_destroy_all_expired_service`. Disabled by default.
+
+FLAG:
+On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to 
+[enable the feature flag](feature_flags.md) named `ci_destroy_all_expired_service`. The feature is not ready for 
+production use.
+On GitLab.com, this feature is not available.
+
+### Removing expired job artifacts on GitLab self-managed instances
+
+In the process of migrating old artifacts for our SaaS customers, we are working to resolve any potential unrecoverable data loss for self-managed customers for artifacts that they may not want deleted yet. Before we can use the more performant way of cleaning up expired artifacts, we need to do some remediation to make sure customers don't lose their data, which is part of our effort in [the relevant epic](https://gitlab.com/groups/gitlab-org/-/epics/7097).
+
+Two options are available:
+
+- If you don't need any artifacts created before 2020-06-23, an Administrator can enable the worker for removing expired CI/CD artifacts:
+
+   ```ruby
+   Feature.enable(:ci_destroy_all_expired_service)
+   ```
+
+- If you want to keep any artifacts (including job logs) before 2020-06-23, follow the [progress of the migration effort](https://gitlab.com/groups/gitlab-org/-/epics/7097) where we work on a resolution to have this flag fully enabled in a future release.
+
+Alternatively, Administrators can also run commands in the Rails console to
+[delete artifacts from completed jobs prior to a specific date](#delete-job-artifacts-from-jobs-completed-before-a-specific-date).
+
+### Usage details
+
 If [`artifacts:expire_in`](../ci/yaml/index.md#artifactsexpire_in) is used to set
 an expiry for the artifacts, they are marked for deletion right after that date passes.
 Otherwise, they expire per the [default artifacts expiration setting](../user/admin_area/settings/continuous_integration.md).

doc/topics/autodevops/index.md

@@ -172,7 +172,7 @@ To disable it, follow the same process and clear the
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/52447) in GitLab 11.10.
 
 When you enable Auto DevOps at group level, the subgroups and projects in that
-group inherit the configuration. This saves you time by batch-enabling it
+group inherit the configuration. This saves you some time by batch-enabling it
 rather than enabling individually for each subgroup or project.
 
 When enabled for a group, you can still disable Auto DevOps
@@ -207,7 +207,7 @@ instance become enabled. This is convenient when you want to run Auto DevOps by
 default for all projects. You can still disable Auto DevOps individually for
 the groups and projects where you don't want to run it.
 
-Only GitLab administrators can enable or disable Auto DevOps in the instance
+Only GitLab administrators can enable or disable Auto DevOps at the instance
 level.
 
 Even when disabled for an instance, group owners and project maintainers
@@ -234,7 +234,7 @@ and clear the **Default to Auto DevOps pipeline** checkbox.
 
 ### Quick start
 
-To guide your through the process of setting up Auto DevOps to deploy to a Kubernetes cluster on
+To guide you through the process of setting up Auto DevOps to deploy to a Kubernetes cluster on
 Google Kubernetes Engine (GKE), see the [quick start guide](quick_start_guide.md).
 
 You can also follow the quick start for the general steps, but deploy to

doc/user/application_security/dast/index.md

@@ -105,7 +105,7 @@ services: # use services to link your app container to the dast job
 
 variables:
   DAST_FULL_SCAN_ENABLED: "true" # do a full scan
-  DAST_ZAP_USE_AJAX_SPIDER: "true" # use the ajax spider
+  DAST_BROWSER_SCAN: "true" # use the browser-based GitLab DAST crawler
 ```
 
 Most applications depend on multiple services such as databases or caching services. By default, services defined in the services fields cannot communicate
@@ -314,6 +314,7 @@ include:
 
 variables:
   DAST_FULL_SCAN_ENABLED: "true"
+  DAST_BROWSER_SCAN: "true" # use the browser-based GitLab DAST crawler
 ```
 
 If your DAST job exceeds the job timeout and you need to reduce the scan duration, we shared some
@@ -455,6 +456,7 @@ include:
 variables:
   GIT_STRATEGY: fetch
   DAST_PATHS_FILE: url_file.txt  # url_file.txt lives in the root directory of the project
+  DAST_BROWSER_SCAN: "true" # use the browser-based GitLab DAST crawler
 ```
 
 ##### Use `DAST_PATHS` CI/CD variable
@@ -470,6 +472,7 @@ include:
 
 variables:
   DAST_PATHS: "/page1.html,/category1/page1.html,/page3.html"
+  DAST_BROWSER_SCAN: "true" # use the browser-based GitLab DAST crawler
 ```
 
 When using `DAST_PATHS` and `DAST_PATHS_FILE`, note the following:
@@ -547,6 +550,7 @@ include:
 variables:
   DAST_WEBSITE: https://example.com
   DAST_SPIDER_MINS: 120
+  DAST_BROWSER_SCAN: "true" # use the browser-based GitLab DAST crawler
 ```
 
 Because the template is [evaluated before](../../../ci/yaml/index.md#include) the pipeline
@@ -790,6 +794,7 @@ include:
 dast:
   variables:
     DAST_WEBSITE: "https://example.com"
+    DAST_BROWSER_SCAN: "true" # use the browser-based GitLab DAST crawler
     ...
     DAST_AUTH_VERIFICATION_URL: "https://example.com/user/welcome"
 ```
@@ -808,6 +813,7 @@ include:
 dast:
   variables:
     DAST_WEBSITE: "https://example.com"
+    DAST_BROWSER_SCAN: "true" # use the browser-based GitLab DAST crawler
     ...
     DAST_AUTH_VERIFICATION_SELECTOR: "css:.welcome-user"
 ```
@@ -826,6 +832,7 @@ include:
 dast:
   variables:
     DAST_WEBSITE: "https://example.com"
+    DAST_BROWSER_SCAN: "true" # use the browser-based GitLab DAST crawler
     ...
     DAST_AUTH_VERIFICATION_LOGIN_FORM: "true"
 ```
@@ -847,6 +854,7 @@ include:
 dast:
   variables:
     DAST_WEBSITE: "https://my.site.com"
+    DAST_BROWSER_SCAN: "true" # use the browser-based GitLab DAST crawler
     ...
     DAST_AUTH_URL: "https://my.site.com/admin"
     DAST_BROWSER_PATH_TO_LOGIN_FORM: "css:.navigation-menu,css:.login-menu-item"
@@ -875,6 +883,7 @@ An example configuration where the authentication debug report is exported may l
 dast:
   variables:
     DAST_WEBSITE: "https://example.com"
+    DAST_BROWSER_SCAN: "true" # use the browser-based GitLab DAST crawler
     ...
     DAST_AUTH_REPORT: "true"
   artifacts:

doc/user/application_security/sast/index.md

@@ -661,6 +661,25 @@ repositories and thus require credentials like username and password to download
 Depending on the analyzer, such credentials can be provided to
 it via [custom CI/CD variables](#custom-cicd-variables).
 
+#### Using a CI/CD variable to pass username and password to a private Go repository
+
+If your Go project depends on private modules, see
+[Fetch modules from private projects](../../packages/go_proxy/index.md#fetch-modules-from-private-projects)
+for how to provide authentication over HTTPS.
+
+To specify credentials via `~/.netrc` provide a `before_script` containing the following:
+
+```yaml
+gosec-sast:
+  before_script:
+    - |
+      cat <<EOF > ~/.netrc
+      machine gitlab.com
+      login $CI_DEPLOY_USER
+      password $CI_DEPLOY_PASSWORD
+      EOF
+```
+
 #### Using a CI/CD variable to pass username and password to a private Maven repository
 
 If your private Maven repository requires login credentials,

spec/frontend/repository/components/blob_viewers/audio_viewer_spec.js

@@ -0,0 +1,23 @@
+import { shallowMount } from '@vue/test-utils';
+import AudioViewer from '~/repository/components/blob_viewers/audio_viewer.vue';
+
+describe('Audio Viewer', () => {
+  let wrapper;
+
+  const DEFAULT_BLOB_DATA = {
+    rawPath: 'some/audio.mid',
+  };
+
+  const createComponent = () => {
+    wrapper = shallowMount(AudioViewer, { propsData: { blob: DEFAULT_BLOB_DATA } });
+  };
+
+  const findContent = () => wrapper.find('[data-testid="audio"]');
+
+  it('renders an audio source component', () => {
+    createComponent();
+
+    expect(findContent().exists()).toBe(true);
+    expect(findContent().attributes('src')).toBe(DEFAULT_BLOB_DATA.rawPath);
+  });
+});